Ettercap is working because both IE & Firefox are showing the certificate warning; however, the exploit is not working. What am I missing completely? You can start your answer like.... "Oi.. stu***, you don't run javascript in this way............ "

I won't mind.... as this is new to me....

PS: I'm on BT4, attacking a Vista box with Firefox 3.5

If you can't explain it simply, you don't understand it well enough -- Albert Einstein

I'm not sure why you are running Ettercap. Just fire up Apache, put the exploit in Apache's root / and call it index.html. Then take your Vista box and browse to the page and calc.exe should open on the vulnerable machine.

It's called MAN-IN-THE-MIDDLE for a reason, what kazalku was doing is smart as shit, just pretend you're the router, and inject the harmful javascript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to

I'm not sure why you are running Ettercap. Just fire up Apache, put the exploit in Apache's root / and call it index.html. Then take your Vista box and browse to the page and calc.exe should open on the vulnerable machine.

The idea of Ettercap came from the fact that in the real world, this can be used to inject a frame to the webpage that will take the user to the Apache server. Is the idea wrong?

And, yes when I followed the steps you mentioned (Start Apache with the exploit as index.html, then browse to 192.168.1.2), Firefox crashes. Maybe it's due to Vista because it was reported that same thing happens with XP SP3.

Originally Posted by Gitsnik

I haven't used it or looked at it yet, but I updated my metasploit dev a couple of hours ago and I saw a new firefox exploit added, it may well resolve many of your issues.

Thanks, will have a look...

If you can't explain it simply, you don't understand it well enough -- Albert Einstein

It's called MAN-IN-THE-MIDDLE for a reason, what kazalku was doing is smart as shit, just pretend you're the router, and inject the harmful javascript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to

Yes, you're right of course.

...but it's all a big hassle if all you wanna do is try out the exploit for the first time.

Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

It's called MAN-IN-THE-MIDDLE for a reason, what kazalku was doing is smart as shit, just pretend you're the router, and inject the harmful javascript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to

That's not "smart as shit", that's called hacking 101 lol

And btw what you're suggesting would bring the network to a crawl, there are better ways to accomplish this.

Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.